1. Field of the Invention
The present invention relates to integrated circuit testing, and more specifically systems and methods for more secure integrated circuit testing.
2. Description of Related Art
As the performance and computational power of electronic devices steadily rises the circuit density and number of components increases as well. Processor, memory and logic circuits often include millions of gates. The vast numbers of components and high component densities pose a challenge in the testing and validation of large scale integrated circuits. These challenges have given rise to design-for-test (DFT) techniques. One DFT technique involves incorporating scan registers into the circuit design. The scan registers may be configured to include inputs to the combinational logic so that the state may be changed. The scan registers may also receive outputs from the combinational logic for evaluation of testing results. Typically, the DFT scan registers are configured to be controllably switched between a normal mode and a test mode. When in the test mode the scan registers receive an input test data signal, and in turn, provide an output signal with the test results.
One of the most popular DFT structures features a scan design with multiple externally accessible scan chains. Each scan chain has one or more scan cells coupled in series and embedded into the integrated circuit. Typically, a scan cell is a storage element such as a scan flip-flop or a scan latch. A scan structure may be used in conjunction with fault simulation and automatic test pattern generation (ATPG) to generate diagnostic test patterns that aid in production test and factory yield improvement.
Unfortunately, security and testability for integrated circuits tend to be fundamentally contradictory objectives. Scan based test is a powerful test technique but can sometimes make an otherwise secure IC vulnerable to malicious attacks. A conventional scan flip flop architecture is shown in FIG. 1A with scan flops 101-107. FIG. 1B depicts an example of typical circuitry for a single scan flop, for example, any one of scan flops 101-107. Conventional scan flop designs and scan based DFT architectures can sometimes provide full access to all flip flops in the scan chain, e.g., scan flops 101-107, thus providing a security weakness that can potentially be exploited. For example, an attacker can retrieve secret data by unloading the scan path during a cryptographic operation. It is possible to obtain secret cryptographic keys from repeated snapshots of the scan. In some instances secret data can be retrieved by loading a scan with known vectors and observing the side-channel responses. Faults can be injected in the system by loading a scan with malicious data. Another security weakness may occur at the scan interface where design or other intellectual property information can sometimes be obtained.
Circuit designers have attempted to increase the security of scan based architectures in a number of manners. One conventional method involves removal of the test interface by blowing out fused links after completion of manufacturing testing. While effective from a security standpoint, such measures to cut off the test interface eliminate any possibility of in-field testing. Other security enhancement techniques have been attempted, including encoding/decoding, scan chain scrambling and dummy insertion techniques. These conventional approaches cause significant design overhead and do not protect from all security threats. For example, despite these conventional measures an attacker can still load malicious data in the system.
What is needed is a way to provide secure scan capability while maintaining its testability benefits.